| Thread ID: 86047 | 2008-01-01 18:28:00 | Offline pop-ups and sound bites | tamiw2007 (13239) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 626554 | 2008-01-01 18:28:00 | For a couple of days now, I've been getting popups from a couple of sites (one for Chevrolet trucks and one telling me that driving buzzed is still driving drunk, among a few others) and misc. random sound bites (snippets of commercials, random bits of music) when I'm not even online. They last for about 15 seconds, then disappear. My OS is Windows XP & this is only happening on my laptop, which has wireless DSL. I've run Norton AV and spyware software, with no results, and my pop-up blocker is active. Any help? | tamiw2007 (13239) | ||
| 626555 | 2008-01-01 18:40:00 | Check that Windows messenger is disabled. Go into Control Panel, Administrative Tools, Services. Find Messenger, right-click on it. If it's running, select Stop. Then select the option to disable it. If that doesn't work, get HijackThis (www.spywareinfo.com), run it and paste a copy of the log here. |
Greg (193) | ||
| 626556 | 2008-01-01 19:16:00 | Greg, I checked Messenger & it was disabled. Sorry this took so long, but my laptop is also extremely sluggish & had to be rebooted, which took much longer than usual. Here is the log the Hijackthis generated:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:13:48 PM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Dotted Decimal\Password Pal\PassPal.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tami\Local Settings\Temporary Internet Files\Content.IE5\F4NM1KCV\HiJackThis_v2[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: rightonads optimizer - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - C:\WINDOWS\system32\gzmrt.dll
O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nse52.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Password Pal] C:\Program Files\Dotted Decimal\Password Pal\PassPal.exe
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [mSpotAlltelRemix] "C:\Program Files\Alltel Jump Music\Remix\msptcmd.exe" /runcheck
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - zone.msn.com
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - cdn2.zone.msn.com
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - a532.g.akamai.net
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - download.games.yahoo.com
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

-- End of file - 9736 bytes |
tamiw2007 (13239) | ||
| 626557 | 2008-01-01 19:38:00 | I am sure someone will help you with that logfile. There are some things there that look suspicious but I'm not familiar enough with the program to recommend what to fix. That Password Pal - is that something you knowingly installed? And there's a couple of Yahoo security items - did you install them deliberately? Also, what spyware program did you run? Spybot Search and Destroy is recommended. |
Greg (193) | ||
| 626558 | 2008-01-01 19:46:00 | Adssite Search Assistant - probably dodgy. I have never seen this version of the name before, but I have seen adssite browser companion etc. You seem to be running two antiviruses at the same time, Yahoo (Computer Associates) and Nortons. Is that correct? Someone much more knowledgeable should be along soon anyway. |
Morgenmuffel (187) | ||
| 626559 | 2008-01-01 19:49:00 | Yes, I installed Password Pal quite some time ago. It's safe. I imagine the Yahoo security items are Yahoo's Online Protection Package (spyware, virus, parental controls, pop-up blocker). That's also what I use to search for spyware. I noticed a couple of suspicious lines in the log, but am not experienced enough to know what to do about them, including:

O2 - BHO: rightonads optimizer - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - C:\WINDOWS\system32\gzmrt.dll
O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nse52.dll

Is it safe to just delete them? Thanks for your help! I really appreciate it! |
tamiw2007 (13239) | ||
| 626560 | 2008-01-01 19:54:00 | Nigel, I was skeptical about whether Yahoo's virus protection was doing the job, since it was coming up clean, so I downloaded the 15 day trial of Norton and ran it also. Same results, so I deleted it. Good catch! |
tamiw2007 (13239) | ||
| 626561 | 2008-01-01 19:56:00 | No it's not safe until you know for sure what to do. Someone else will surely be along to give you better advice. Eg a couple of those items you mention are safe (and probably required). Adssite is suspicious, and your log seems to show that Windows Messenger is indeed still running. Suggest you double check that it doesn't run automatically. Running more than one anti-virus app can sometimes cause conflicts and less-than-perfect results can occur when using either. Remember, that when you do use Hijackthis to fix items, it's best to disable System Restore and reboot before re-running Hijackthis and doing the fixes. And remember to re-enable it afterwards. |
Greg (193) | ||
| 626562 | 2008-01-01 19:59:00 | If you've deleted the Yahoo stuff, and Nortons is only a trial, you'd be advised to get a good anti-virus protection again soon. Get rid of Nortons, please! A lot of users here recommend the free but excellent AVG (free.grisoft.com/), or Avast (http:). |
Greg (193) | ||
| 626563 | 2008-01-01 20:01:00 | Don't delete them yet; some of them leave hooks behind and will just reinfect, or cause system probs. In case you don't know, Windows Messenger is not the same as the MSN Messenger chat program; Windows Messenger pops up little alert boxes with messages in them. |
Morgenmuffel (187) | ||
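
A cross-check for the "hooks left behind" concern raised in this thread, added here as an example that is not part of the original posts: it parses O2 (BHO) and O4 (Run) lines copied from the log above, flags BHO DLLs that sit directly in system32 (a triage heuristic assumed for this example, not a verdict), and lists any Run value that loads the same DLL. The function names `parse` and `triage` are hypothetical.

```python
import ntpath  # applies Windows path rules on any OS
import re

# Lines copied from the HijackThis log posted in this thread (subset).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: rightonads optimizer - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - C:\WINDOWS\system32\gzmrt.dll
O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nse52.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
SYSTEM32 = r"c:\windows\system32"


def parse(log):
    """Split a HijackThis log into O2 (BHO) and O4 (Run key) records."""
    bhos, runs = [], []
    for line in log.splitlines():
        line = line.strip()
        if m := BHO_RE.match(line):
            bhos.append(m.groupdict())
        elif m := RUN_RE.match(line):
            runs.append(m.groupdict())
    return bhos, runs


def triage(log):
    """Flag BHO DLLs loose in system32; list Run values that load the same DLL."""
    bhos, runs = parse(log)
    findings = []
    for bho in bhos:
        # Heuristic assumed by this example: a pointer for review, not a verdict.
        if ntpath.dirname(bho["path"]).lower() != SYSTEM32:
            continue
        dll = ntpath.basename(bho["path"]).lower()
        loaders = [r["value"] for r in runs if dll in r["cmd"].lower()]
        findings.append({"name": bho["name"], "clsid": bho["clsid"],
                         "dll": dll, "run_values": loaders})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["name"], f["dll"], f["clsid"], "Run:", f["run_values"] or "none")
```

On these lines it flags the same three BHO entries quoted in post 626559 and shows that gzmrt.dll is also started through the [postSetupCheck] Run value, a second autostart reference for the same DLL.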